Details

When Lync connects to the server, it supports various authentication mechanisms. This policy allows the user to specify whether Digest and Basic authentication are supported. Disabled (default): NTLM/Kerberos/TLS-DSK/Digest/Basic Enabled: Authentication mechanisms: NTLM/Kerberos/TLS-DSK Gal Download: Requires HTTPS if user is not logged in as an internal user.

Solution

Set the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies 'Configure SIP security mode' to 'Enabled'.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_Microsoft_Skype_for_Business_2016_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-23
• CAT|II
• CCI|CCI-001184
• Rule-ID|SV-85527r1_rule
• STIG-ID|DTOO421
• Vuln-ID|V-70903

Source

• Tenable.com/audits